According to recent news reports, at least 60 people in suburban Tucson have reported fraudulent transactions after swiping their cards to pay for gas – the latest in a rash of card skimming incidents at gasoline pumps nationwide. Only a few weeks ago, police in West Covina, Calif., launched a public awareness campaign after skimming devices were discovered at multiple gas stations. And last year, one Florida police department even recommended that motorists avoid using pay-at-the-pump terminals altogether, opting instead to pay inside with cash.
So how can consumers pump gas without the fear of compromised data? What needs to be done differently to prevent these incidents from taking place?
The National Association of Convenience Stores has launched an awareness campaign that focuses on steps retailers can take to protect cardholder data at the pump. These measures include:
* Conduct daily inspections of card readers, PIN pads and unattended terminals.
* Be on the lookout for suspicious activity around pumps.
* Communicate with police.
While those are all good tips, the fact is gas station skimming has been around for years, mostly because the industry continues to use universal access keys that open pay-at-the-pump enclosures, making it easy for thieves to insert skimming devices. In addition, some gas stations are behind the PCI compliance curve. This lack of compliance can aid thieves, who are getting usable data right at the pump, before it is transmitted back to the station’s central terminal.
PCI affects the petroleum world in several areas:
* Fuel Island Transactions (pay at the pump) – all debit transactions require strong TDES encryption.
* Inside Transactions (customer-facing payment devices) – all in-store debit transactions must also use TDES encryption.
* POS Software – all payment processing software residing on the retailer’s POS system must meet PA-DSS certification. Since PCI addresses securing cardholder data, this requirement affects the transmission of card-based transactions and the subsequent storage of card data.
As criminals continue to learn new ways to keep up with security countermeasures, retailers and the payment card industry need to adapt too. The cost to become compliant varies widely based on the size of the business, but the decreased data loss risks are worth it.